ModSecurity is a free web application firewall (WAF) which is a simple, powerful way to protect a server against web-based malware and hacking attempts. Learn how to install ModSecurity and the officially-recommended OWASP Core Rule Set (CRS) which will protect a server against malware and hacking in the form of SQL injection, session hijacking, cross-site scripting, Trojans, and many other forms of web-based exploits.
For any Cloud Server with Plesk, administrative functions like adding and managing Apache modules should always be done using the Plesk interface.
- A Cloud Server with Plesk Onyx (any operating system)
This tutorial uses the Power User view. You can change the Plesk view by clicking Change View at the bottom of the column on the left.
Log in to Plesk. Click Tools & Settings > Plesk: Updates and Upgrades.
Click Add/Remove Components.
Click + to expand the Web Hosting group.
Click the arrow beside ModSecurity.
Click Install to add ModSecurity to the install list.
After Plesk has finished installing the selected product, click OK to continue.
After installing ModSecurity, return to Tools & Settings to enable it.
ModSecurity can now be found in the Security group. Click on Web Application Firewall (ModSecurity).
Activate the Web application firewall mode.
Choose a security ruleset for ModSecurity to use. Atomic Basic ModSecurity is a good starting choice.
Click OK to activate ModSecurity.